{% if external_oracle_auth_use_instance_principals %}
useInstancePrincipals: true
{% endif %}

auth:
{% if external_oracle_auth_use_instance_principals %}
  useInstancePrincipals: true
{% else %}
  useInstancePrincipals: false
  region: {{ external_oracle_auth_region }}
  tenancy: {{ external_oracle_auth_tenancy }}
  user: {{ external_oracle_auth_user }}
  key: |
    {{ external_oracle_auth_key }}
  {% if external_oracle_auth_passphrase is defined %}
  # Omit if there is not a password for the key
  passphrase: {{ external_oracle_auth_passphrase }}
  {% endif %}
  fingerprint: {{ external_oracle_auth_fingerprint }}
{% endif %}

compartment: {{ external_oracle_compartment }}

vcn: {{ external_oracle_vcn }}

loadBalancer:
  subnet1: {{ external_oracle_load_balancer_subnet1 }}
  subnet2: {{ external_oracle_load_balancer_subnet2 }}

  securityListManagementMode: {{ external_oracle_load_balancer_security_list_management_mode }}

{% if external_oracle_security_lists is defined and external_oracle_security_lists | length > 0 %}
  # Optional specification of which security lists to modify per subnet. This does not apply if security list management is off.
  securityLists:
  {% for subnet_ocid, list_ocid in external_oracle_load_balancer_security_lists.items() %}
    {{ subnet_ocid }}: {{ list_ocid }}
  {% endfor %}
{% endif %}

# Optional rate limit controls for accessing OCI API
rateLimiter:
  rateLimitQPSRead: {{ external_oracle_ratelimiter_qps_read }}
  rateLimitBucketRead: {{ external_oracle_ratelimiter_bucket_read }}
  rateLimitQPSWrite: {{ external_oracle_ratelimiter_qps_write }}
  rateLimitBucketWrite: {{ external_oracle_ratelimiter_bucket_write }}
